Thursday, May 7, 2020

Zoom Security Improvements

Zoom (via David Heinemeier Hansson):

Zoom 5.0 is here!

With robust security enhancements and to prepare you for the upcoming transition to GCM encryption.

Bruce Schneier:

There is nothing in Zoom’s latest announcement about key management. So: while the company has done a really good job improving the security and privacy of their platform, there seems to be just one step remaining to fully encrypt the sessions.

The other thing I want Zoom to do is to make the security options necessary to prevent Zoombombing to be made available to users of the free version of that platform. Forcing users to pay for security isn’t a viable option right now.

Eric S. Yuan (Hacker News):

We are proud to announce the acquisition of Keybase, another milestone in Zoom’s 90-day plan to further strengthen the security of our video communications platform. Since its launch in 2014, Keybase’s team of exceptional engineers has built a secure messaging and file-sharing service leveraging their deep encryption and security expertise. We are excited to integrate Keybase’s team into the Zoom family to help us build end-to-end encryption that can reach current Zoom scalability.

Dan Moren:

There are, as Yuan points out, drawbacks to implementing that end-to-end encryption, which will be an option for paid accounts, but not mandatory. Namely, certain features won’t be compatible, such as phone bridges and cloud recording (because Zoom can’t decrypt the content).


Update (2020-05-25): Alex Stamos:

Zoom has published an initial design and roadmap for deploying end-to-end encryption for hundreds of millions of meeting participants.

Update (2020-06-03): Gennie Gebhart:

I have been pleasantly surprised with Zoom’s quick and decisive responses to security criticism recently, but after a feedback call they hosted this morning about their end-to-end encryption plan I am back to being disappointed.

The plan that I heard is to build out end-to-end encryption, but as a premium feature offered only to paid accounts.

1 Comment RSS · Twitter

[…] the past couple of weeks, Zoom has been making some security improvements at impressive speed, culminating in the acquisition, announced today, of Keybase. It’s probably good news for […]

Leave a Comment